Bonzo Lend TVL Plunges 77% After $9.05 Million Oracle Exploit Hits Hedera



What to Know

  • Bonzo Lend, a decentralized lending protocol on the Hedera network, suffered an estimated $9.05 million loss after an oracle-related exploit.
  • The attack involved a verification flaw in a third-party Supra oracle contract used to submit price information.
  • The attacker deposited 250 SAUCE tokens with little value and submitted a manipulated price update that inflated the tokens’ HBAR-denominated value.
  • The inflated collateral value enabled the account to borrow 6.63 million USDC and 34.52 million wrapped HBAR.
  • At a reference HBAR price of $0.06998, the withdrawals were valued at approximately $9.05 million.
  • A second wallet borrowed roughly $1 million in additional assets while the abnormal price remained active, later identifying itself as a white-hat responder and indicating an intent to return funds.
  • Bonzo placed total principal borrowed during the incident at approximately $10.06 million before recovery, while excluding the second wallet’s assets from the headline loss estimate.
  • Hedera’s total value locked fell nearly 40% in 24 hours to $25.7 million, while Bonzo’s TVL dropped 77% after the exploit.

Bonzo Lend Faces Major Liquidity Shock

Bonzo Lend, a decentralized lending protocol operating on the Hedera network, has been hit by a major oracle-related exploit that resulted in an estimated $9.05 million loss. The incident has quickly become a significant stress event for Hedera’s decentralized finance ecosystem, not only because of the size of the borrowed assets but also because of the direct impact on total value locked across the network.

The exploit centered on a verification flaw in a third-party Supra oracle contract. Oracles are a critical component of decentralized finance because they provide external price data to smart contracts. Lending protocols rely on these price feeds to determine how much a user’s collateral is worth and, in turn, how much that user can borrow. When an oracle price can be manipulated, even temporarily, it can distort collateral calculations and allow a borrower to extract assets far beyond the real value of deposited tokens.

In this case, the attacker deposited 250 SAUCE tokens that had little value and then submitted a manipulated price update that inflated the tokens’ value when denominated in HBAR. With the collateral value artificially boosted, the account was able to borrow assets far in excess of what the collateral should have supported under normal pricing conditions.

How the Oracle Manipulation Worked

The mechanics of the incident reflect a familiar risk in decentralized lending markets: if collateral valuations are compromised, the lending system can be made to treat weak collateral as if it were highly valuable. The attacker’s 250 SAUCE token deposit became the foundation for a much larger borrowing action after the abnormal price update took effect.

Once the inflated valuation was active, the account borrowed 6.63 million USDC and 34.52 million wrapped HBAR. At the reference HBAR price of $0.06998 used in the incident figures, those withdrawals were worth approximately $9.05 million. That estimate represents the primary loss attributed to the exploit and highlights the scale of damage that can occur when oracle validation fails.

For lending protocols, collateral integrity is one of the core pillars of solvency. If a platform cannot accurately assess the value of collateral in real time, the gap between borrowed assets and recoverable collateral can widen within minutes. In decentralized markets, where transactions can be executed rapidly and without centralized intervention, even a short-lived pricing error can produce outsized losses.

Second Wallet Adds Complexity to the Incident

The event also involved a second wallet that borrowed roughly $1 million of additional assets while the abnormal price remained active. That wallet later contacted Bonzo through Discord, identified itself as a white-hat responder to the incident, and said it intended to return the funds. Because of that communication and stated intention, Bonzo excluded those assets from its headline loss estimate.

Including the second wallet’s activity, total principal borrowed during the incident was placed at approximately $10.06 million before recovery. The distinction between the $9.05 million estimated loss and the broader $10.06 million principal figure is important for market participants assessing the impact. The higher figure reflects the total scale of borrowing during the abnormal pricing window, while the lower figure reflects the amount treated as the headline loss estimate after excluding the white-hat-linked activity.

White-hat involvement can sometimes help protocols contain damage, recover assets, or document vulnerabilities. However, it can also complicate initial loss estimates because funds may move during the same exploit window but under different intentions. For users and liquidity providers, the key issue remains whether borrowed assets can be recovered and whether confidence in the protocol’s risk controls can be restored.

Hedera DeFi TVL Drops Nearly 40%

The exploit produced an immediate market reaction across Hedera’s decentralized finance landscape. Hedera’s total value locked fell nearly 40% in 24 hours, dropping to $25.7 million. Bonzo’s own TVL declined even more sharply, plunging 77% after the incident.

Total value locked is widely used as a measure of the amount of capital deposited into decentralized finance protocols. While TVL does not capture every dimension of protocol health, a rapid drop often signals user withdrawals, reduced confidence, forced liquidity changes, or asset value shifts following a major security event. In lending markets, TVL can be especially sensitive because depositors may move quickly to reduce exposure when solvency, collateral pricing, or oracle reliability is questioned.

The 77% decline in Bonzo’s TVL underscores the severity of the confidence shock. Lending protocols depend heavily on trust in automated risk systems, including collateral factors, liquidation mechanics, and oracle feeds. When one of those components fails, users often reassess whether the yield opportunity justifies the perceived technical risk.

Why Oracle Security Matters in DeFi

Oracle risk has long been one of the most consequential vulnerabilities in decentralized finance. Smart contracts can enforce rules precisely, but those rules are only as reliable as the data inputs they receive. If a lending protocol accepts a manipulated price update, its smart contracts may behave exactly as designed while still producing a damaging financial outcome.

For this reason, oracle systems typically rely on multiple safeguards, including validation logic, price deviation checks, time-weighted pricing, independent data sources, and limits on how quickly collateral values can change. When any verification layer is insufficient, attackers may attempt to exploit the gap between real market value and the price recognized by the protocol.

The Bonzo incident shows how a relatively small deposit can be transformed into a major borrowing position if the underlying collateral valuation is distorted. The deposited 250 SAUCE tokens were described as having little value, yet the manipulated update allowed them to support borrowing measured in millions of dollars. That mismatch is precisely the kind of scenario oracle defenses are meant to prevent.

Market Confidence and Recovery Focus

Attention now turns to recovery, accountability, and the response from the protocol and related infrastructure providers. Market participants will be looking for clarity on the exploit path, whether the vulnerability has been closed, how remaining user funds are protected, and whether any portion of the borrowed assets can be recovered.

For Hedera’s broader ecosystem, the incident is a reminder that network-level performance is only one part of decentralized finance security. Even if the underlying chain functions as expected, application-level dependencies such as oracles can introduce significant risk. DeFi protocols often operate as interconnected systems, and weaknesses in one external component can rapidly affect liquidity, user confidence, and ecosystem metrics.

Some chart watchers and DeFi analysts may also monitor whether Hedera’s TVL stabilizes after the nearly 40% decline or whether capital continues to rotate away from affected protocols. A stabilization in deposits would suggest that users are waiting for remediation details, while further outflows could point to deeper confidence concerns.

Broader Lessons for Lending Protocols

The Bonzo Lend exploit reinforces several lessons for decentralized lending platforms. First, collateral listings require careful risk evaluation, particularly for assets with thinner liquidity or more volatile pricing. Second, oracle integrations need robust validation and fail-safe mechanisms. Third, protocols must be prepared to pause or limit borrowing when abnormal price behavior is detected.

Lending markets are especially exposed to pricing failures because they convert collateral value directly into borrowing power. Unlike a simple token swap, a lending exploit can drain multiple assets if the attacker can use one manipulated collateral position to borrow liquid, widely used tokens. In this case, the borrowed assets included USDC and wrapped HBAR, both of which represented far more value than the initial SAUCE token deposit should have enabled.

Security reviews often focus on smart contract code, but the Bonzo event illustrates why dependency risk deserves the same level of scrutiny. A protocol may have sound internal lending logic and still face losses if a third-party price input is accepted without sufficient verification. As DeFi matures, market participants are likely to demand clearer disclosures around oracle design, emergency controls, and collateral-specific risk settings.

What Comes Next for Bonzo and Hedera

The immediate priority for Bonzo is likely to be asset recovery and technical remediation. The communication from the second wallet, which said it intended to return funds after borrowing roughly $1 million of additional assets, may reduce part of the broader principal exposure if recovery occurs. However, the estimated $9.05 million loss remains the central figure for assessing the exploit’s financial impact.

For Hedera, the drop to $25.7 million in total value locked marks a meaningful setback for its DeFi footprint. The decline does not necessarily define the long-term trajectory of the network’s decentralized finance activity, but it does place pressure on protocols to demonstrate stronger safeguards. Users will want to see whether lending markets can resume normal operations with improved oracle protections and clearer risk controls.

Security incidents can reshape user behavior quickly. Some liquidity providers may withdraw until a full explanation and mitigation plan are available, while others may wait to see whether recovered funds reduce the damage. In either case, the exploit has placed oracle security and collateral validation at the center of the Hedera DeFi conversation.

Frequently Asked Questions (FAQs)

What happened to Bonzo Lend?

Bonzo Lend suffered an estimated $9.05 million loss after an attacker exploited a verification flaw in a third-party Supra oracle contract on the Hedera network.

How did the attacker exploit the protocol?

The attacker deposited 250 SAUCE tokens with little value and submitted a manipulated price update that inflated their HBAR-denominated value, allowing the account to borrow far more than the collateral was worth.

How much was borrowed in the main exploit?

The account borrowed 6.63 million USDC and 34.52 million wrapped HBAR, which were valued at approximately $9.05 million using the reference HBAR price of $0.06998.

Why is the total principal figure higher than the loss estimate?

Total principal borrowed during the incident was placed at approximately $10.06 million before recovery because a second wallet borrowed roughly $1 million in additional assets while the abnormal price remained active.

Was the second wallet part of the loss estimate?

Bonzo excluded the second wallet’s assets from its headline loss estimate after the wallet contacted the protocol through Discord, identified itself as a white-hat responder, and said it intended to return the funds.

How did the exploit affect Hedera’s TVL?

Hedera’s total value locked fell nearly 40% in 24 hours to $25.7 million after the exploit, showing a sharp decline in capital across the network’s decentralized finance ecosystem.

How much did Bonzo’s TVL fall?

Bonzo’s total value locked plummeted 77% after the exploit, reflecting a severe liquidity and confidence shock for the lending protocol.

Why are oracles important for lending protocols?

Oracles provide price data that lending protocols use to value collateral. If that data is manipulated or improperly verified, borrowers may be able to take assets worth far more than their actual collateral.

What are users watching next?

Users and market participants are watching for asset recovery, confirmation that the vulnerability has been fixed, and evidence that Bonzo and Hedera DeFi protocols can restore confidence after the incident.

Photo by DS stories on Pexels

Comments (0)

Loading...

Top Exchanges


  • 1
    Crypto Com LogoStart Trading

    Trading cryptocurrencies involves significant risk and users should carefully consider their investment objectives and risk tolerance.

  • 2
    Binance Logo 3Start Trading

    Cryptocurrency trading carries a high level of risk and users should carefully evaluate their financial situation and risk tolerance before participating.

  • 3
    Coinbase LoigoStart Trading

    Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment and you should not expect to be protected if something goes wrong.

  • 4
    Kraken LogoStart Trading

    Trading cryptocurrencies involves high risk and users should thoroughly evaluate their financial circumstances and risk tolerance.

  • 5
    Gemini LogoStart Trading

    Cryptocurrency trading involves substantial risk and users should carefully assess their investment goals and risk tolerance before participating.

  • 6
    Bitstamp LogoStart Trading

    Trading cryptocurrencies carries inherent risks and users should carefully consider their investment objectives and risk tolerance.

  • 7
    KuCoin LogoStart Trading

    Cryptocurrency trading involves significant risk and users should evaluate their financial situation and risk tolerance before participating.

  • 8
    Uphold LogoStart Trading

    Trading cryptocurrencies carries inherent risks and users should carefully assess their investment objectives and risk tolerance before engaging.